How to use itsdangerous - 10 common examples
To help you get started, we’ve selected a few itsdangerous examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
ONSdigital / eq-survey-runner / tests / integration / integration_test_case.py View on Github 
def decode_flask_cookie(cookie):
"""Decode a Flask cookie."""
data = cookie.split('.')[0]
data = base64_decode(data)
data = zlib.decompress(data)
return data.decode('utf-8')def setUp(self):
super(TestAddonAuth, self).setUp()
self.user = AuthUserFactory()
self.auth_obj = Auth(user=self.user)
self.node = ProjectFactory(creator=self.user)
self.session = Session(data={'auth_user_id': self.user._id})
self.session.save()
self.cookie = itsdangerous.Signer(settings.SECRET_KEY).sign(self.session._id)
self.configure_addon()
self.JWE_KEY = jwe.kdf(settings.WATERBUTLER_JWE_SECRET.encode('utf-8'), settings.WATERBUTLER_JWE_SALT.encode('utf-8'))def test_user_get_cookie(self):
user = UserFactory()
super_secret_key = 'children need maps'
signer = itsdangerous.Signer(super_secret_key)
session = Session(data={
'auth_user_id': user._id,
'auth_user_username': user.username,
'auth_user_fullname': user.fullname,
})
session.save()
assert signer.unsign(user.get_or_create_cookie(super_secret_key)) == session._iddef test_iter_unsigners(self, serializer, serializer_factory):
class Signer256(serializer.signer):
default_digest_method = hashlib.sha256
serializer = serializer_factory(
secret_key="secret_key",
fallback_signers=[
{"digest_method": hashlib.sha256},
(Signer, {"digest_method": hashlib.sha256}),
Signer256,
],
)
unsigners = serializer.iter_unsigners()
assert next(unsigners).digest_method == hashlib.sha1
for signer in unsigners:
assert signer.digest_method == hashlib.sha256def test_encryption(self):
"""Test that token is not encrypted."""
s = self.TestSerializer()
t1 = s.create_token(1, dict(recid=1))
self.assertRaises(
BadData,
JSONWebSignatureSerializer('anotherkey').loads,
t1
)def __init__(self, app, raise_server_exceptions=True):
from source.settings import SECRET
dispatch = ASGIDispatch(app=app, raise_app_exceptions=raise_server_exceptions)
self.signer = itsdangerous.TimestampSigner(SECRET)
super().__init__(
base_url="https://testserver",
dispatch=dispatch,
headers={"accept": "text/html; */*"},
)def test_decode_with_timeout(self):
secret_key = "predictable-key"
value = u"hello"
s = self.make_serializer(secret_key)
ts = s.dumps(value)
self.assertNotEqual(ts, itsdangerous.Serializer(secret_key).dumps(value))
self.assertEqual(s.loads(ts), value)
time.time = lambda: 10
self.assertEqual(s.loads(ts, max_age=11), value)
self.assertEqual(s.loads(ts, max_age=10), value)
self.assertRaises(itsdangerous.SignatureExpired, s.loads, ts, max_age=9)s = self.make_serializer(
"predictable-key", serializer_kwargs={"sort_keys": True}
)
# pickle tests pop serializer kwargs, so skip this test for those
if not s.serializer_kwargs:
return
ts1 = s.dumps({"c": 3, "a": 1, "b": 2})
ts2 = s.dumps(dict(a=1, b=2, c=3))
self.assertEqual(ts1, ts2)
class TimedSerializerTestCase(SerializerTestCase):
serializer_class = itsdangerous.TimedSerializer
def setUp(self):
self._time = time.time
time.time = lambda: 0
def tearDown(self):
time.time = self._time
def test_decode_with_timeout(self):
secret_key = "predictable-key"
value = u"hello"
s = self.make_serializer(secret_key)
ts = s.dumps(value)
self.assertNotEqual(ts, itsdangerous.Serializer(secret_key).dumps(value))def confirm_account(self, token):
"""Verify that the provided token is for this user's id."""
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except (BadSignature, SignatureExpired):
return False
if data.get('confirm') != self.id:
return False
self.confirmed = True
db.session.add(self)
db.session.commit()
return Truedef confirm_account(self, token):
"""Verify that the provided token is for this user's id."""
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except (BadSignature, SignatureExpired):
return False
if data.get('confirm') != self.id:
return False
self.confirmed = True
db.session.add(self)
db.session.commit()
return Trueitsdangerous
Safely pass data to untrusted environments and back.
Package Health Score
92 / 100Popular itsdangerous functions
- itsdangerous.BadData
- itsdangerous.BadSignature
- itsdangerous.base64_decode
- itsdangerous.json
- itsdangerous.json.dump
- itsdangerous.json.dumps
- itsdangerous.json.JSONEncoder
- itsdangerous.json.JSONEncoder.default
- itsdangerous.json.load
- itsdangerous.json.loads
- itsdangerous.JSONWebSignatureSerializer
- itsdangerous.Serializer
- itsdangerous.SignatureExpired
- itsdangerous.Signer
- itsdangerous.simplejson.dumps
- itsdangerous.TimedJSONWebSignatureSerializer
- itsdangerous.TimedSerializer
- itsdangerous.TimestampSigner
- itsdangerous.URLSafeSerializer
- itsdangerous.URLSafeTimedSerializer